https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1127458#M837 <P>Hi there,</P><P>&nbsp;</P><P>New to the forum and happy owner of an Arlo Q soon to be extended with some wire-free Arlos.&nbsp;<img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.arlo.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P>&nbsp;</P><P>I remember a while back seeing a post (but cannot find it anywhere again) mentionning a serious security flaw allowing to bypass Touch ID login without entering the passwod on the iOS Arlo app 2.1.2 (Released August 1st) giving full access to the online system and the library. This stand with the 2 latest releases of iOS 9.3.3&amp;9.3.4 so definitely app related. Perhaps it wasn't for this version of the app but the problem persists.</P><P>&nbsp;</P><P>I found it too and is quite easy to figure out and works 100%.</P><P>&nbsp;</P><P>I won't give the steps here for obvious reasons but could a Netgear rep get in touch with me for me to pass on the exact repro steps or if acknowledged and spotted already by the dev team give an ETA for the fix in this thread? This is a major issue!</P><P>&nbsp;</P><P>Thanks!</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 27 Sep 2016 17:07:15 GMT Dinerve 2016-09-27T17:07:15Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1127458#M837 <P>Hi there,</P><P>&nbsp;</P><P>New to the forum and happy owner of an Arlo Q soon to be extended with some wire-free Arlos.&nbsp;<img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://community.arlo.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P><P>&nbsp;</P><P>I remember a while back seeing a post (but cannot find it anywhere again) mentionning a serious security flaw allowing to bypass Touch ID login without entering the passwod on the iOS Arlo app 2.1.2 (Released August 1st) giving full access to the online system and the library. This stand with the 2 latest releases of iOS 9.3.3&amp;9.3.4 so definitely app related. Perhaps it wasn't for this version of the app but the problem persists.</P><P>&nbsp;</P><P>I found it too and is quite easy to figure out and works 100%.</P><P>&nbsp;</P><P>I won't give the steps here for obvious reasons but could a Netgear rep get in touch with me for me to pass on the exact repro steps or if acknowledged and spotted already by the dev team give an ETA for the fix in this thread? This is a major issue!</P><P>&nbsp;</P><P>Thanks!</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 27 Sep 2016 17:07:15 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1127458#M837 Dinerve 2016-09-27T17:07:15Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1127740#M838 <P>Dinerve,</P> <P>&nbsp;</P> <P>Feel free to private message me your findings and I will create a case and escalate as necessary.</P> <P>&nbsp;</P> <P>Thank you,</P> <P>JamesC</P> Tue, 16 Aug 2016 16:48:59 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1127740#M838 JamesC 2016-08-16T16:48:59Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1127874#M839 <P>Hey JamesC,</P><P>&nbsp;</P><P>Thanks for getting back to me, I've PM'd you as requested.</P><P>&nbsp;</P><P>Cheers,</P> Tue, 16 Aug 2016 23:34:20 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1127874#M839 Dinerve 2016-08-16T23:34:20Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1128205#M840 <P>Dinerve,</P> <P>&nbsp;</P> <P>Thank you for bringing this to our attention. I have created and escalated a case with the information you have provided.</P> <P>&nbsp;</P> <P>JamesC</P> Wed, 17 Aug 2016 17:24:56 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1128205#M840 JamesC 2016-08-17T17:24:56Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1128216#M841 <P>Thanks,</P><P>&nbsp;</P><P>I hope it will be adressed in the upcoming 2.1.3 version of the iOS app!</P> Wed, 17 Aug 2016 18:12:23 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1128216#M841 Dinerve 2016-08-17T18:12:23Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1130720#M842 <P>So, I was hoping this would be resolved with 2.1.3 but it's not.</P><P>&nbsp;</P><P>Should I make the video public to gain some traction? I'm sure this was reported before me as well and can't find the thread anymore!</P><P>&nbsp;</P><P>Currently under iOS someone can log in without your fingerprint or password! This is major both in terms of security AND privacy and needs a quick fix! C'mon guys!</P> Wed, 24 Aug 2016 00:58:22 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1130720#M842 Dinerve 2016-08-24T00:58:22Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1131028#M843 <P>Dinerve,</P> <P>&nbsp;</P> <P>This issue is still under investigation by the engineering team. We take security and privacy concerns very seriously and hope to be able to provide a solution quickly.</P> <P>&nbsp;</P> <P>I have requested an update on this and will post again once I have more information.</P> <P>&nbsp;</P> <P>JamesC</P> Wed, 24 Aug 2016 17:39:20 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1131028#M843 JamesC 2016-08-24T17:39:20Z https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1131405#M844 <P>Thanks JamesC,</P><P>&nbsp;</P><P>Looking forward to have this addressed.</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 25 Aug 2016 15:36:26 GMT https://community.arlo.com/t5/Features/Important-Security-Bug-iOS-Arlo-App-2-1-2/m-p/1131405#M844 Dinerve 2016-08-25T15:36:26Z